
Trustworthy and Transparent Third-party Authority

Published: 15 October 2020

Abstract

Recent advances in cryptographic approaches, such as Functional Encryption and Attribute-based Encryption and their variants, have shown significant promise for enabling public clouds to provide secure computation and storage services for users’ sensitive data. A crucial component of these approaches is a third-party authority (TPA) that must be trusted to set up public parameters, provide private key service, and so on. Components of deployed cryptographic mechanisms such as the certificate authorities (CAs), which are the TPAs of the underlying PKI for the SSL/TLS protocol, have faced several types of attacks (e.g., stealthy targeted and censorship attacks), and certificate mis-issuance problems. Such practical challenges indicate that the successful deployment of newer emerging cryptographic schemes will also significantly depend on the trustworthiness of the TPAs. Furthermore, recently proposed decentralized TPA approaches that lower the threshold on the conditions required for an entity to become an authority can make the trust issue much worse. To address this issue, we propose an authority transparency framework to ensure the trustworthiness of TPAs of recent and emerging advanced cryptographic schemes. The framework includes a formal model and a secure logging-based approach to implement the framework. Further, to address the issues related to privacy, we also present a privacy-preserving authority transparency approach. We present security analysis and performance evaluation to show that authority transparency achieves the security and performance goals.




Published in

ACM Transactions on Internet Technology, Volume 20, Issue 4
November 2020
391 pages
ISSN: 1533-5399
EISSN: 1557-6051
DOI: 10.1145/3427795
Editor: Ling Liu

Copyright © 2020 ACM

Publisher

Association for Computing Machinery
New York, NY, United States

Publication History

• Published: 15 October 2020
• Online AM: 7 May 2020
• Accepted: 1 March 2020
• Revised: 1 January 2020
• Received: 1 April 2019


Qualifiers

• research-article
• Research
• Refereed
